Home » HP Manuals » Storage Devices » HP 8/20q » Manual Viewer

HP 8/20q HP StorageWorks 8/20q Fibre Channel Switch Command Line Interface Gui - Page 26

Applying IP security, Displaying IP security information, Policy and association information

Add to My Manuals
Save this manual to your list of manuals

Page 26 highlights

Applying IP security You can apply IP security to all communication between two systems, or to selected protocols, such as the Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), or the User Datagram Protocol (UDP). Furthermore, instead of applying IP security, you can choose to discard all inbound or outbound traffic, or to allow all traffic without encryption. Both the AH and ESP security protocols provide source authentication, ensure data integrity, and protect against replay. IMPORTANT: IP security configurations can be complex: it is possible to unintentionally configure policies and associations that isolate a switch from all communication. If this happens, you can disable IP security by placing the switch in maintenance mode, and correct the problem through the serial port interface. For information about using maintenance mode and connecting through the serial port, see the HP StorageWorks 8/20q Fibre Channel Switch Installation and Reference Guide. Displaying IP security information You can display the security policy and security association databases sorted by the following parameters: • Active policies and associations; that is, policies and associations currently in use • Configured policies and associations; that is, policies and associations that have been saved in the database • Policies and associations that are being edited, but have not been saved You can display the following types of IP security configuration information: • Policy and association information, page 26 • IP security configuration history, page 27 • IP security configuration limits, page 27 Policy and association information To display general or specific policy and association information, enter the ipsec list command. The ipsec list command does not require an Admin session or an Ipsec Edit session. However, in an Ipsec Edit session, the ipsec association list and ipsec policy list commands display the same information. The following example displays all active policies and associations: 8/20q FC Switch #> ipsec list Active IPsec Information Security Association Database h2h-sh-sa h2h-hs-sa Security Policy Database h2h-hs-sp h2h-sh-sp Summary ------- Security Association Count: 2 Security Policy Count: 2 26 Network Configuration

Section	Page
Contents	3
Command Line Interface Usage	11
Logging in to the switch through Telnet	11
Opening and closing an admin session	12
Entering commands	12
Table 1 Command-line completion	12
Getting help	13
Setting page breaks	13
Creating a support file	13
Downloading and uploading files	15
User Account Configuration	17
Table 2 Factory user accounts	17
Displaying user account information	17
Creating user accounts	18
Modifying user accounts and passwords	18
Network Configuration	21
Displaying the network configuration	21
Configuring the Ethernet port	22
IPv4 configuration	22
IPv6 configuration	23
DNS server configuration	24
Verifying a switch in the network	24
Managing IP security	25
IP security concepts	25
Uses of security policies	25
Applying IP security	26
Displaying IP security information	26
Policy and association information	26
IP security configuration history	27
IP security configuration limits	27
Managing the security policy database	27
Creating a policy	28
Deleting a policy	28
Modifying a user-defined policy	29
Renaming a user-defined policy	30
Copying a policy	30
Managing the security association database	30
Creating an association	31
Deleting an association	31
Modifying a user-defined association	32
Renaming a user-defined association	33
Copying an association	33
Resetting the IP security configuration	33
Switch Configuration	35
Displaying switch information	35
Name server information	36
Switch operational information	37
System process information	38
Elapsed time between resets	38
Configuration information	38
Switch configuration parameters	39
Zoning configuration parameters	39
Security configuration parameters	40
Hardware information	41
Table 3 Heartbeat LED activity	41
Firmware information	41
Managing switch services	42
Managing switch configurations	44
Displaying a list of switch configurations	44
Activating a switch configuration	44
Copying a switch configuration	44
Deleting a switch configuration	44
Modifying a switch configuration	45
Backing up and restoring a switch configuration	46
Creating the backup file	46
Downloading the configuration file	46
Restoring the configuration file	46
Paging a switch	47
Managing the date and time	47
Displaying the date and time	47
Setting the date and time explicitly	48
Setting the time through an NTP server	49
Resetting a switch	49
Table 4 Switch reset methods	49
Installing firmware	50
Non-disruptive activation	50
One-step firmware installation	51
Custom firmware installation	52
Testing a switch	52
Online tests for switches	53
Offline tests for switches	53
Connectivity tests for switches	53
Displaying switch test status	54
Canceling a switch test	54
Verifying and tracing Fibre Channel connections	55
Managing switch feature upgrades	55
Displaying feature licenses	55
Installing a feature license key	56
Managing idle session timers	56
Port Configuration	57
Displaying port information	57
Port configuration parameters	57
Port operational information	58
Port threshold alarm configuration parameters	59
Port performance	60
Transceiver information	60
Modifying port operating characteristics	61
Configuring transparent routing	62
Port binding	64
Resetting a port	65
Configuring port threshold alarms	65
Testing a port	67
Online tests for ports	67
Offline tests for ports	68
Displaying port test results	68
Canceling a port test	68
Zoning Configuration	69
Displaying zoning database information	69
Configured zoneset information	69
Active zoneset information	71
Merged zoneset information	72
Edited zoneset information	72
Zoneset membership information	72
Zone membership information	73
Orphan zone information	73
Alias and alias membership information	74
Zoning modification history	74
Zoning database limits	75
Configuring the zoning database	75
Modifying the zoning database	77
Saving the active and merged zonesets	77
Resetting the zoning database	78
Deleting inactive zonesets, zones, and aliases	78
Managing zonesets	78
Creating a zoneset	78
Deleting a zoneset	78
Renaming a zoneset	78
Copying a zoneset	79
Adding zones to a zoneset	79
Removing zones from a zoneset	79
Activating a zoneset	79
Deactivating a zoneset	79
Managing zones	79
Creating a zone	79
Deleting a zone	79
Renaming a zone	80
Copying a zone	80
Adding members to a zone	80
Removing members from a zone	80
Managing aliases	81
Creating an alias	81
Deleting an alias	81
Renaming an alias	81
Copying an alias	81
Adding members to an alias	81
Removing members from an alias	81
Connection Security Configuration	83
Managing SSL and SSH services	83
Displaying SSL and SSH services	84
Creating an SSL security certificate	84
RADIUS Server Configuration	85
Displaying RADIUS server information	85
Configuring a RADIUS server on the switch	86
Device Security Configuration	89
Displaying security database information	89
Configured security set information	89
Active security set information	90
Security set membership information	91
Group membership information	91
Security database modification history	92
Security database limits	92
Configuring the security database	93
Modifying the security database	94
Resetting the security database	94
Managing security sets	94
Creating a security set	94
Deleting a security set	94
Renaming a security set	94
Copying a security set	95
Adding groups to a security set	95
Removing groups from a security set	95
Activating a security set	95
Deactivating a security set	95
Managing groups	95
Creating a group	95
Deleting a group	95
Renaming a group	95
Copying a group	96
Adding members to a group	96
Modifying a group member	96
Removing members from a group	97
Event Log Configuration	99
Starting and stopping event logging	99
Displaying the event log	99
Table 5 Event log message format	99
Filtering the event log display	101
Controlling messages in the output stream	101
Managing the event log configuration	101
Configuring the event log	101
Displaying the event log configuration	102
Restoring the event log configuration	102
Clearing the event log	102
Logging to a remote host	102
Creating and downloading a log file	103
Call Home Configuration	105
Call Home concepts	105
Call Home requirements	105
Call Home messages	106
Technical support interface	107
Configuring the Call Home service	108
Managing the Call Home database	109
Displaying Call Home database information	110
Creating a profile	112
Deleting a profile	112
Modifying a profile	113
Renaming a profile	113
Copying a profile	113
Adding a data capture configuration	114
Modifying a data capture configuration	114
Deleting a data capture configuration	115
Testing a Call Home profile	115
Changing Simple Mail Transfer Protocol servers	115
Clearing the Call Home message queue	115
Resetting the Call Home database	116
Simple Network Management Protocol Configuration	117
Managing the SNMP service	117
Displaying SNMP information	118
Modifying the SNMP configuration	119
Resetting the SNMP configuration	120
Managing the SNMP version 3 configuration	121
Creating an SNMP version 3 user account	122
Displaying SNMP version 3 user accounts	122
Modifying an SNMP version 3 user account	123
Command Reference	125
Access authority	125
Syntax and operands	125
Notes and examples	125
admin	126
alias	127
callhome	129
Table 6 Call Home queue statistics parameters	130
capture	132
Table 7 Data capture configuration parameters	132
clone config port	135
config	136
create	139
date	141
exit	142
fcping	143
fctrace	144
feature	145
firmware install	146
group	148
Table 8 ISL group member attributes	148
Table 9 Port group member attributes	149
Table 10 MS group member attributes	149
Table 11 Group type parameters	150
Table 12 Group member attributes	150
hardreset	154
help	155
history	156
hotreset	157
image	158
ipsec	160
ipsec association	162
Table 13 Association configuration parameters	162
ipsec list	165
ipsec policy	168
Table 14 Policy configuration parameters	168
lip	171
logout	172
passwd	173
ping	174
profile	175
Table 15 Profile configuration parameters	175
ps	178
quit	179
reset	180
Table 16 Call Home service configuration defaults	182
Table 17 Switch configuration defaults	183
Table 18 Port configuration defaults	183
Table 19 Port threshold alarm configuration defaults	184
Table 20 Zoning configuration defaults	184
Table 21 SNMP configuration defaults	184
Table 22 RADIUS configuration defaults	185
Table 23 Switch services configuration defaults	185
Table 24 DNS host name configuration defaults	186
Table 25 IPv4 Ethernet configuration defaults	186
Table 26 IPv6 Ethernet configuration defaults	186
Table 27 Event logging configuration defaults	186
Table 28 NTP server configuration defaults	187
Table 29 Timer configuration defaults	187
Table 30 Security configuration defaults	187
security	188
securityset	191
set alarm	193
Table 31 Output stream alarm parameters	193
set beacon	194
Table 32 Beacon state parameters	194
set config port	195
Table 33 Port configuration parameters	195
set config security	198
Table 34 Security configuration parameters	198
set config security portbinding	199
Table 35 Port binding configuration parameters	199
set config switch	200
Table 36 Switch configuration parameters	200
set config threshold	202
Table 37 Port alarm threshold parameters	202
set config zoning	204
Table 38 Zoning configuration parameters	204
set log	205
Table 39 Component event monitoring filter parameters	205
Table 40 Event display filter parameters	206
Table 41 Severity level monitoring parameters	206
Table 42 Port monitoring parameters	206
set pagebreak	208
Table 43 Pagebreak state parameters	208
set port	209
Table 44 Transmission speed parameters	209
Table 45 Port administrative state parameters	209
set setup callhome	210
Table 46 Call Home service configuration attributes	210
set setup radius	212
Table 47 Common RADIUS server configuration attributes	212
Table 48 Server-specific RADIUS server configuration attributes	212
set setup services	215
Table 49 Switch services settings	215
set setup snmp	218
Table 50 Common SNMP configuration parameters	218
Table 51 SNMP trap configuration parameters	219
set setup system	221
Table 52 DNS host name configuration parameters	221
Table 53 IPv4 Ethernet configuration parameters	222
Table 54 IPv6 Ethernet configuration parameters	222
Table 55 Event logging configuration parameters	223
Table 56 NTP server configuration parameters	223
Table 57 Timer configuration parameters	224
set switch state	228
Table 58 Switch administrative state parameters	228
set timezone	229
show about	230
Table 59 Show about display entries	230
show alarm	232
show broadcast	233
show chassis	234
show config port	235
show config security	236
show config security portbinding	237
show config switch	238
show config threshold	239
show config zoning	240
show domains	241
show donor	242
show env	243
show fabric	244
show fdmi	245
show interface	246
show log	247
Table 60 Log monitoring components	247
Table 61 Event log display filter parameters	248
show lsdb	250
show media	251
Table 62 Transceiver information	252
show mem	254
show ns	255
Table 63 Name server display parameters	255
show pagebreak	256
show perf	257
show port	259
Table 64 Show port display entries	259
show postlog	263
show setup callhome	264
show setup mfg	265
show setup radius	266
show setup services	267
show setup snmp	268
show setup system	269
show steering	271
show switch	272
Table 65 Switch operational parameters	272
show system	274
show temp	275
show testlog	276
show timezone	277
show topology	278
show users	279
show version	280
Table 66 Show version display entries	280
show voltage	282
shutdown	283
snmpv3user	284
Table 67 SNMP version 3 user account parameters	284
test cancel	287
test port	288
Table 68 Offline port loopback types	288
Table 69 Port test parameters	288
test status	290
test switch	292
Table 70 Connectivity loopback types	292
Table 71 Offline loopback types	292
Table 72 Switch test parameters	292
uptime	294
user	295
whoami	297
zone	298
zoneset	301
zoning active	303
zoning cancel	304
zoning clear	305
zoning configured	306
zoning delete orphans	307
zoning edit	308
Table 73 Zoning database parameters	308
zoning edited	309
zoning history	310
zoning limits	311
Table 74 Zoning database limits	311
zoning list	312
zoning merged	313
zoning restore	314
zoning save	315
Support and Other Resources	317
Document conventions and symbols	317
Table 75 Document conventions	317
Contacting HP	317
HP contact information	317
Subscription service	318
Documentation feedback	318
New and changed information in this edition	318
Related information	318
Documents	318
Other HP websites	318
Customer self repair	318

Match case Limit results 1 per page

Network Configuration

Applying IP security

You can apply IP security to all communication between two systems, or to selected protocols, such as the

Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), or the User Datagram

Protocol (UDP). Furthermore, instead of applying IP security, you can choose to discard all inbound or

outbound traffic, or to allow all traffic without encryption. Both the AH and ESP security protocols provide

source authentication, ensure data integrity, and protect against replay.

IMPORTANT:

IP security configurations can be complex: it is possible to unintentionally configure policies

and associations that isolate a switch from all communication. If this happens, you can disable IP security

by placing the switch in maintenance mode, and correct the problem through the serial port interface. For

information about using maintenance mode and connecting through the serial port, see the

StorageWorks 8/20q Fibre Channel Switch Installation and Reference Guide

Displaying IP security information

You can display the security policy and security association databases sorted by the following parameters:

•

Active policies and associations; that is, policies and associations currently in use

•

Configured policies and associations; that is, policies and associations that have been saved in the

database

•

Policies and associations that are being edited, but have not been saved

You can display the following types of IP security configuration information:

•

Policy and association information

, page 26

•

IP security configuration history

, page 27

•

IP security configuration limits

, page 27

Policy and association information

To display general or specific policy and association information, enter the

ipsec list

command. The

ipsec list

command does not require an Admin session or an Ipsec Edit session. However, in an Ipsec

Edit session, the

ipsec association list

and

ipsec policy list

commands display the same

information.

The following example displays all active policies and associations:

8/20q FC Switch #> ipsec list

Active IPsec Information

Security Association Database

-----------------------------

h2h-sh-sa

h2h-hs-sa

Security Policy Database

------------------------

h2h-hs-sp

h2h-sh-sp

Summary

-------

Security Association Count:

Security Policy Count: